Vulnerabilities related to Netwin - SurgeFTP
CVE-2001-0698 (GCVE-0-2001-0698)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
References
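| URL | Tags |
|---|---|
| http://www.netwinsite.com/surgeftp/manual/updates.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/191916 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6711 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/2892 | vdb-entry, x_refsource_BID |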
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:30:06.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.netwinsite.com/surgeftp/manual/updates.htm" }, { "name": "20010619 SurgeFTP vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/191916" }, { "name": "surgeftp-nlist-directory-traversal(6711)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711" }, { "name": "2892", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2892" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the \u0027nlist ...\u0027 command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-02-25T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.netwinsite.com/surgeftp/manual/updates.htm" }, { "name": "20010619 SurgeFTP vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/191916" }, { "name": "surgeftp-nlist-directory-traversal(6711)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711" }, { "name": "2892", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2892" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the \u0027nlist ...\u0027 command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.netwinsite.com/surgeftp/manual/updates.htm", "refsource": "CONFIRM", "url": "http://www.netwinsite.com/surgeftp/manual/updates.htm" }, { "name": "20010619 SurgeFTP vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/191916" }, { "name": "surgeftp-nlist-directory-traversal(6711)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711" }, { "name": "2892", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2892" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0698", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-29T00:00:00", "dateUpdated": "2024-08-08T04:30:06.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-17933 (GCVE-0-2017-17933)
Vulnerability from cvelistv5
Published
2017-12-29 18:00
Modified
2024-08-05 21:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.
References
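| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html | x_refsource_MISC |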
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:06:49.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-29T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17933", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17933", "datePublished": "2017-12-29T18:00:00", "dateReserved": "2017-12-27T00:00:00", "dateUpdated": "2024-08-05T21:06:49.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1068 (GCVE-0-2010-1068)
Vulnerability from cvelistv5
Published
2010-03-23 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
References
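| URL | Tags |
|---|---|
| http://secunia.com/advisories/38097 | third-party-advisory, x_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/11092 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55509 | vdb-entry, x_refsource_XF |
| http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt | x_refsource_MISC |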
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:05.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38097", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38097" }, { "name": "11092", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/11092" }, { "name": "surgeftp-surgeftpmgr-xss(55509)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "38097", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38097" }, { "name": "11092", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/11092" }, { "name": "surgeftp-surgeftpmgr-xss(55509)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1068", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38097", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38097" }, { "name": "11092", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/11092" }, { "name": "surgeftp-surgeftpmgr-xss(55509)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509" }, { "name": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1068", "datePublished": "2010-03-23T18:00:00", "dateReserved": "2010-03-23T00:00:00", "dateUpdated": "2024-08-07T01:14:05.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-0697 (GCVE-0-2001-0697)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
References
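| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/165816 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6168 | vdb-entry, x_refsource_XF |
| http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200 | mailing-list, x_refsource_WIN2KSEC |
| http://netwinsite.com/surgeftp/manual/updates.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/2442 | vdb-entry, x_refsource_BID |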
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:30:06.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010228 SurgeFTP Denial of Service", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/165816" }, { "name": "surgeftp-listing-dos(6168)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168" }, { "name": "20010301 SurgeFTP 1.0b Denial of Service", "tags": [ "mailing-list", "x_refsource_WIN2KSEC", "x_transferred" ], "url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "name": "2442", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2442" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an \u0027ls ..\u0027 command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-01T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010228 SurgeFTP Denial of Service", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/165816" }, { "name": "surgeftp-listing-dos(6168)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168" }, { "name": "20010301 SurgeFTP 1.0b Denial of Service", "tags": [ "mailing-list", "x_refsource_WIN2KSEC" ], "url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "name": "2442", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2442" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an \u0027ls ..\u0027 command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010228 SurgeFTP Denial of Service", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/165816" }, { "name": "surgeftp-listing-dos(6168)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168" }, { "name": "20010301 SurgeFTP 1.0b Denial of Service", "refsource": "WIN2KSEC", "url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200" }, { "name": "http://netwinsite.com/surgeftp/manual/updates.htm", "refsource": "CONFIRM", "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "name": "2442", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2442" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0697", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-29T00:00:00", "dateUpdated": "2024-08-08T04:30:06.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1052 (GCVE-0-2008-1052)
Vulnerability from cvelistv5
Published
2008-02-27 19:00
Modified
2024-08-07 08:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
References
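| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/488745/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/29096 | third-party-advisory, x_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/surgeftpizza-adv.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/40843 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/3704 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/27993 | vdb-entry, x_refsource_BID |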
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080225 NULL pointer in SurgeFTP 2.3a2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded" }, { "name": "29096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29096" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt" }, { "name": "surgeftp-contentlength-dos(40843)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843" }, { "name": "3704", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3704" }, { "name": "27993", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27993" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080225 NULL pointer in SurgeFTP 2.3a2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded" }, { "name": "29096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29096" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt" }, { "name": "surgeftp-contentlength-dos(40843)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843" }, { "name": "3704", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3704" }, { "name": "27993", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27993" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1052", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080225 NULL pointer in SurgeFTP 2.3a2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded" }, { "name": "29096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29096" }, { "name": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt" }, { "name": "surgeftp-contentlength-dos(40843)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843" }, { "name": "3704", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3704" }, { "name": "27993", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27993" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1052", "datePublished": "2008-02-27T19:00:00", "dateReserved": "2008-02-27T00:00:00", "dateUpdated": "2024-08-07T08:08:57.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4742 (GCVE-0-2013-4742)
Vulnerability from cvelistv5
Published
2013-08-09 21:00
Modified
2024-08-06 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.
References
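| URL | Tags |
|---|---|
| http://secunia.com/advisories/54188 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85922 | vdb-entry, x_refsource_XF |
| http://osvdb.org/95582 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/61403 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html | mailing-list, x_refsource_BUGTRAQ |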
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:52:27.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "54188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54188" }, { "name": "surgeftp-cve20134742-vfprint-bo(85922)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922" }, { "name": "95582", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/95582" }, { "name": "61403", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61403" }, { "name": "20130722 SurgeFtp Server BufferOverflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "54188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54188" }, { "name": "surgeftp-cve20134742-vfprint-bo(85922)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922" }, { "name": "95582", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/95582" }, { "name": "61403", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61403" }, { "name": "20130722 SurgeFtp Server BufferOverflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "54188", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54188" }, { "name": "surgeftp-cve20134742-vfprint-bo(85922)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922" }, { "name": "95582", "refsource": "OSVDB", "url": "http://osvdb.org/95582" }, { "name": "61403", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61403" }, { "name": "20130722 SurgeFtp Server BufferOverflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4742", "datePublished": "2013-08-09T21:00:00", "dateReserved": "2013-07-01T00:00:00", "dateUpdated": "2024-08-06T16:52:27.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1355 (GCVE-0-2001-1355)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 04:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
References
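| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/3077 | vdb-entry, x_refsource_BID |
| http://online.securityfocus.com/archive/1/198293 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6865 | vdb-entry, x_refsource_XF |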
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:08.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3077", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3077" }, { "name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/198293" }, { "name": "netwin-nwauth-bo(6865)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3077", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3077" }, { "name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/198293" }, { "name": "netwin-nwauth-bo(6865)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3077", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3077" }, { "name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/198293" }, { "name": "netwin-nwauth-bo(6865)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1355", "datePublished": "2002-06-11T04:00:00", "dateReserved": "2002-06-07T00:00:00", "dateUpdated": "2024-08-08T04:51:08.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2318 (GCVE-0-2004-2318)
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
References
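| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15001 | vdb-entry, x_refsource_XF |
| http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt | x_refsource_MISC |
| http://www.secunia.com/advisories/10758/ | third-party-advisory, x_refsource_SECUNIA |
| http://www.osvdb.org/3788 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/9554 | vdb-entry, x_refsource_BID |
| http://securitytracker.com/id?1008898 | vdb-entry, x_refsource_SECTRACK |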
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "surgeftp-web-interface-dos(15001)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15001" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt" }, { "name": "10758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://www.secunia.com/advisories/10758/" }, { "name": "3788", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/3788" }, { "name": "9554", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9554" }, { "name": "1008898", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1008898" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "surgeftp-web-interface-dos(15001)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15001" }, { "tags": [ "x_refsource_MISC" ], "url": "http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt" }, { "name": "10758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://www.secunia.com/advisories/10758/" }, { "name": "3788", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/3788" }, { "name": "9554", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9554" }, { "name": "1008898", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1008898" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2318", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "surgeftp-web-interface-dos(15001)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15001" }, { "name": "http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt", "refsource": "MISC", "url": "http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt" }, { "name": "10758", "refsource": "SECUNIA", "url": "http://www.secunia.com/advisories/10758/" }, { "name": "3788", "refsource": "OSVDB", "url": "http://www.osvdb.org/3788" }, { "name": "9554", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9554" }, { "name": "1008898", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1008898" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2318", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-08T01:22:13.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1354 (GCVE-0-2001-1354)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 04:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:08.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "netwin-nwauth-weak-encryption(6866)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866" }, { "name": "3075", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3075" }, { "name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/198293" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-20T00:00:00", "descriptions": [ { "lang": "en", "value": "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "netwin-nwauth-weak-encryption(6866)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866" }, { "name": "3075", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3075" }, { "name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/198293" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "netwin-nwauth-weak-encryption(6866)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866" }, { "name": "3075", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3075" }, { "name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/198293" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1354", "datePublished": "2002-06-11T04:00:00", "dateReserved": "2002-06-07T00:00:00", "dateUpdated": "2024-08-08T04:51:08.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-10028 (GCVE-0-2012-10028)
Vulnerability from cvelistv5
Published
2025-08-05 20:04
Modified
2025-08-07 15:49
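Severity 8.6 (High) - CVSS 4.0, as scored by the CNA (VulnCheck) in the record below: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N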
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2012-10028", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-08-07T15:49:54.720390Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-07T15:49:58.666Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/netwin_surgeftp_exec.rb" }, { "tags": [ "exploit" ], "url": "https://www.exploit-db.com/exploits/23522" }, { "tags": [ "exploit" ], "url": "https://www.exploit-db.com/exploits/23601" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "surgeftpmgr.cgi" ], "product": "SurgeFTP", "vendor": "Netwin", "versions": [ { "lessThanOrEqual": "23c8", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Spencer McIntyre" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system." } ], "value": "Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system." 
} ], "impacts": [ { "capecId": "CAPEC-88", "descriptions": [ { "lang": "en", "value": "CAPEC-88 OS Command Injection" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-05T20:04:20.181Z", "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck" }, "references": [ { "tags": [ "exploit" ], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/netwin_surgeftp_exec.rb" }, { "tags": [ "exploit" ], "url": "https://www.exploit-db.com/exploits/23522" }, { "tags": [ "exploit" ], "url": "https://www.exploit-db.com/exploits/23601" }, { "tags": [ "product" ], "url": "https://netwinsite.com/surgeftp/" }, { "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/netwin-surgeftp-auth-rce" } ], "source": { "discovery": "UNKNOWN" }, "title": "Netwin SurgeFTP \u003c= v23c8 Authenticated RCE", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": 
"83251b91-4cc7-4094-a5c7-464a1b83ea10", "assignerShortName": "VulnCheck", "cveId": "CVE-2012-10028", "datePublished": "2025-08-05T20:04:20.181Z", "dateReserved": "2025-08-05T16:05:41.764Z", "dateUpdated": "2025-08-07T15:49:58.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-0696 (GCVE-0-2001-0696)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:30:06.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010619 SurgeFTP vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/191916" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "name": "2891", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2891" }, { "name": "surgeftp-concon-dos(6712)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-01T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010619 SurgeFTP vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/191916" }, { "tags": [ "x_refsource_MISC" ], "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "name": "2891", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2891" }, { "name": "surgeftp-concon-dos(6712)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0696", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010619 SurgeFTP vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/191916" }, { "name": "http://netwinsite.com/surgeftp/manual/updates.htm", "refsource": "MISC", "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "name": "2891", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2891" }, { "name": "surgeftp-concon-dos(6712)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0696", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-29T00:00:00", "dateUpdated": "2024-08-08T04:30:06.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3768 (GCVE-0-2007-3768)
Vulnerability from cvelistv5
Published
2007-07-15 21:00
Modified
2024-08-07 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:52.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26061" }, { "name": "37909", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37909" }, { "name": "2883", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2883" }, { "name": "ADV-2007-2528", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2528" }, { "name": "surgeftp-pasv-dos(35376)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt" }, { "name": "20070710 Portcullis Computer Security Ltd - Advisories", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26061" }, { "name": "37909", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37909" }, { "name": "2883", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2883" }, { "name": "ADV-2007-2528", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2528" }, { "name": "surgeftp-pasv-dos(35376)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt" }, { "name": "20070710 Portcullis Computer Security Ltd - Advisories", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26061", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26061" }, { "name": "37909", "refsource": "OSVDB", "url": "http://osvdb.org/37909" }, { "name": "2883", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2883" }, { "name": "ADV-2007-2528", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2528" }, { "name": "surgeftp-pasv-dos(35376)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376" }, { "name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt", "refsource": "MISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt" }, { "name": "20070710 Portcullis Computer Security Ltd - Advisories", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3768", "datePublished": "2007-07-15T21:00:00", "dateReserved": "2007-07-15T00:00:00", "dateUpdated": "2024-08-07T14:28:52.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3769 (GCVE-0-2007-3769)
Vulnerability from cvelistv5
Published
2007-07-15 21:00
Modified
2024-08-07 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:52.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26061" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt" }, { "name": "surgeftp-error-xss(35378)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378" }, { "name": "ADV-2007-2528", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2528" }, { "name": "37911", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37911" }, { "name": "20070710 Portcullis Computer Security Ltd - Advisories", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26061" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt" }, { "name": "surgeftp-error-xss(35378)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378" }, { "name": "ADV-2007-2528", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2528" }, { "name": "37911", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37911" }, { "name": "20070710 Portcullis Computer Security Ltd - Advisories", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26061", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26061" }, { "name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt", "refsource": "MISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt" }, { "name": "surgeftp-error-xss(35378)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378" }, { "name": "ADV-2007-2528", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2528" }, { "name": "37911", "refsource": "OSVDB", "url": "http://osvdb.org/37911" }, { "name": "20070710 Portcullis Computer Security Ltd - Advisories", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3769", "datePublished": "2007-07-15T21:00:00", "dateReserved": "2007-07-15T00:00:00", "dateUpdated": "2024-08-07T14:28:52.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1356 (GCVE-0-2001-1356)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 04:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:08.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "surgeftp-weak-password-encryption(6961)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/6961.php" }, { "name": "20010804 SurgeFTP admin account bruteforcable", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/201951" }, { "name": "3157", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-08-04T00:00:00", "descriptions": [ { "lang": "en", "value": "NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-06-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "surgeftp-weak-password-encryption(6961)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/6961.php" }, { "name": "20010804 SurgeFTP admin account bruteforcable", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/201951" }, { "name": "3157", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "surgeftp-weak-password-encryption(6961)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/6961.php" }, { "name": "20010804 SurgeFTP admin account bruteforcable", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/201951" }, { "name": "3157", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3157" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1356", "datePublished": "2002-06-11T04:00:00", "dateReserved": "2002-06-07T00:00:00", "dateUpdated": "2024-08-08T04:51:08.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1034 (GCVE-0-2005-1034)
Vulnerability from cvelistv5
Published
2005-04-09 04:00
Modified
2024-08-07 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:35:59.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1013664", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013664" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.security.org.sg/vuln/surgeftp22m1.html" }, { "name": "13054", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13054" }, { "name": "14888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14888" }, { "name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2" }, { "name": "surgeftp-leak-ftp-dos(20011)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1013664", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013664" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.security.org.sg/vuln/surgeftp22m1.html" }, { "name": "13054", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13054" }, { "name": "14888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14888" }, { "name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2" }, { "name": "surgeftp-leak-ftp-dos(20011)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1034", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1013664", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013664" }, { "name": "http://www.security.org.sg/vuln/surgeftp22m1.html", "refsource": "MISC", "url": "http://www.security.org.sg/vuln/surgeftp22m1.html" }, { "name": "13054", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13054" }, { "name": "14888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14888" }, { "name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2" }, { "name": "surgeftp-leak-ftp-dos(20011)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1034", "datePublished": "2005-04-09T04:00:00", "dateReserved": "2005-04-10T00:00:00", "dateUpdated": "2024-08-07T21:35:59.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
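Severity: MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P, from the NVD metrics in the record below)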
Summary
The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt | Exploit, Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1008898 | ||
cve@mitre.org | http://www.osvdb.org/3788 | ||
cve@mitre.org | http://www.secunia.com/advisories/10758/ | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/9554 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15001 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1008898 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/3788 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.secunia.com/advisories/10758/ | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9554 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15001 |
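Impacted products
Note: every cpeMatch entry in the record below is marked "vulnerable": false, which disagrees with the affected range given in the summary (SurgeFTP Server 1.0b through 2.2k1). Automated CPE matching against this record may therefore report no affected assets, so also check installed versions against the range in the summary.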
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "BE4FD50F-DDFA-40AD-BFCC-F606CEF450F1", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:1.0b:*:win_95_98:*:*:*:*:*", "matchCriteriaId": "691BD1B5-A764-4A81-9825-2EF10490DE66", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*", "matchCriteriaId": "AC94C372-7536-4692-AEA7-B58B32E2A5F1", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0a:*:win_95_98:*:*:*:*:*", "matchCriteriaId": "99A48AB6-6307-48FE-8AA0-8F04610FE3F5", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:*", "matchCriteriaId": "59DB045D-91F6-4AFC-8331-F2155D38D5FE", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0b:*:win_95_98:*:*:*:*:*", "matchCriteriaId": "3FF5F8DD-1639-4F4D-AB47-FC6ED5FB47A3", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0c:*:*:*:*:*:*:*", "matchCriteriaId": "C38E3BA1-DD78-4CB8-A680-B7D99CAD84B8", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0d:*:*:*:*:*:*:*", "matchCriteriaId": "283FCBC2-3C13-491C-A145-4177F7C37EA4", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0e:*:*:*:*:*:*:*", "matchCriteriaId": "2DE7C06B-1376-4095-A284-14F310D7AA5E", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0f:*:*:*:*:*:*:*", "matchCriteriaId": "9C2BB9D2-70AE-4684-B4E7-32610DD9DDC1", "vulnerable": false }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.2k1:*:*:*:*:*:*:*", "matchCriteriaId": "0192C7F5-18F3-4157-BA85-8B4D7076C8AE", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter." 
} ], "id": "CVE-2004-2318", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1008898" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/3788" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.secunia.com/advisories/10758/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/9554" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1008898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/3788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.secunia.com/advisories/10758/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/9554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15001" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-09-20 04:00
Modified
2025-04-03 01:03
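Severity: MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N, from the NVD metrics in the record below)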
Summary
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.netwinsite.com/surgeftp/manual/updates.htm | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/191916 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/2892 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6711 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.netwinsite.com/surgeftp/manual/updates.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/191916 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2892 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6711 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "BE4FD50F-DDFA-40AD-BFCC-F606CEF450F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*", "matchCriteriaId": "AC94C372-7536-4692-AEA7-B58B32E2A5F1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the \u0027nlist ...\u0027 command." } ], "id": "CVE-2001-0698", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-09-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.netwinsite.com/surgeftp/manual/updates.htm" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/191916" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2892" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.netwinsite.com/surgeftp/manual/updates.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], 
"url": "http://www.securityfocus.com/archive/1/191916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-20 04:00
Modified
2025-04-03 01:03
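Severity: HIGH (CVSS v2 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C, from the NVD metrics in the record below)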
Summary
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/198293 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/3077 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6865 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/198293 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3077 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6865 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:dmail:2.5d:*:*:*:*:*:*:*", "matchCriteriaId": "EF456029-C817-4FC5-AFE2-9637219E220C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "60C72EA3-5D19-44B7-AB3D-99122A470205", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.7q:*:*:*:*:*:*:*", "matchCriteriaId": "316BCDB3-3762-436F-91B2-41231A55CB96", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.7r:*:*:*:*:*:*:*", "matchCriteriaId": "AD266925-B677-4462-9BF6-0828FD5CBF41", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8e:*:*:*:*:*:*:*", "matchCriteriaId": "A5BD3CC6-5E2C-4534-925E-B81D92F18A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8f:*:*:*:*:*:*:*", "matchCriteriaId": "C25AB545-FCF5-42FB-801E-07DF0ADC4865", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8g:*:*:*:*:*:*:*", "matchCriteriaId": "EF6F3B04-6DA7-42F8-8873-7625B93523ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8h:*:*:*:*:*:*:*", "matchCriteriaId": "F44C662D-58ED-41E0-8718-259321F9F9E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8i:*:*:*:*:*:*:*", "matchCriteriaId": "CEE745C7-C370-44FF-BAC4-EE93EE6AFC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "BE4FD50F-DDFA-40AD-BFCC-F606CEF450F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*", "matchCriteriaId": "AC94C372-7536-4692-AEA7-B58B32E2A5F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:*", "matchCriteriaId": "59DB045D-91F6-4AFC-8331-F2155D38D5FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow 
attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command." } ], "id": "CVE-2001-1355", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/198293" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3077" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/198293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-23 18:30
Modified
2025-04-11 00:51
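Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N, from the NVD metrics in the record below)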
Summary
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt | Exploit | |
cve@mitre.org | http://secunia.com/advisories/38097 | Vendor Advisory | |
cve@mitre.org | http://www.exploit-db.com/exploits/11092 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/55509 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38097 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/11092 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/55509 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a6:*:*:*:*:*:*:*", "matchCriteriaId": "D73F32DF-1209-4EC7-9C67-661039454DF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en surgeftpmgr.cgi en NetWin SurgeFTP v2.3a6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de los par\u00e1metros (1) domainid o (2) classid en una acci\u00f3n class." } ], "id": "CVE-2010-1068", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-03-23T18:30:00.613", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38097" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11092" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-08-04 04:00
Modified
2025-04-03 01:03
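Severity: HIGH (CVSS v2 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C, from the NVD metrics in the record below)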
Summary
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/201951 | Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/6961.php | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/3157 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/201951 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/6961.php | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3157 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*", "matchCriteriaId": "AC94C372-7536-4692-AEA7-B58B32E2A5F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:*", "matchCriteriaId": "59DB045D-91F6-4AFC-8331-F2155D38D5FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0c:*:*:*:*:*:*:*", "matchCriteriaId": "C38E3BA1-DD78-4CB8-A680-B7D99CAD84B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0d:*:*:*:*:*:*:*", "matchCriteriaId": "283FCBC2-3C13-491C-A145-4177F7C37EA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0e:*:*:*:*:*:*:*", "matchCriteriaId": "2DE7C06B-1376-4095-A284-14F310D7AA5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0f:*:*:*:*:*:*:*", "matchCriteriaId": "9C2BB9D2-70AE-4684-B4E7-32610DD9DDC1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021." 
} ], "id": "CVE-2001-1356", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-08-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/201951" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/6961.php" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/201951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/6961.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-15 21:30
Modified
2025-04-09 00:30
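Severity: MEDIUM (CVSS v2 base score 5.8, AV:N/AC:M/Au:N/C:N/I:P/A:P, from the NVD metrics in the record below)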
Summary
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt | ||
cve@mitre.org | http://marc.info/?l=full-disclosure&m=118409539009277&w=2 | Patch | |
cve@mitre.org | http://osvdb.org/37911 | ||
cve@mitre.org | http://secunia.com/advisories/26061 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2528 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35378 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=118409539009277&w=2 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/37911 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26061 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2528 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35378 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A19D3F7-3770-4A85-BD7A-16BBC05001FE", "versionEndIncluding": "2.3a1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la interfaz de administraci\u00f3n de servidor espejo en SurgeFTP 2.3a1 permite a servidores FTP remotos, con la intervenci\u00f3n del usuario, inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante una respuesta mal formada sin un c\u00f3digo de estado, lo cual se refleja al usuario en el mensaje de error resultante. NOTA: esto puede ser aprovechado para obtener acceso como root mediante una secuencia de pasos involucrando secuencias de comandos web que crean una nueva cuenta de usuario FTP." 
} ], "id": "CVE-2007-3769", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-07-15T21:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37911" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26061" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2528" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2528" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-29 18:29
Modified
2025-04-20 01:37
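Severity: MEDIUM (CVSS v3.1 base score 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; from the NVD metrics in the record below)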
Summary
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:23f2:*:*:*:*:*:*:*", "matchCriteriaId": "7A50B40A-FD4D-4B24-95EA-15BB523F7F52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter." }, { "lang": "es", "value": "cgi/surgeftpmgr.cgi (tambi\u00e9n conocido como la interfaz de gesti\u00f3n web en los puertos TCP 7021 o 9021) en NetWin SurgeFTP versi\u00f3n 23f2 tiene XSS mediante los par\u00e1metros classid, domainid o username." } ], "id": "CVE-2017-17933", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-29T18:29:00.507", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-15 21:30
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2 base score 8.5, AV:N/AC:L/Au:N/C:N/I:P/A:C, from the NVD metrics in the record below)
Summary
The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt | ||
cve@mitre.org | http://marc.info/?l=full-disclosure&m=118409539009277&w=2 | ||
cve@mitre.org | http://osvdb.org/37909 | ||
cve@mitre.org | http://secunia.com/advisories/26061 | Patch, Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/2883 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2528 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35376 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=118409539009277&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/37909 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26061 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2883 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2528 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35376 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A19D3F7-3770-4A85-BD7A-16BBC05001FE", "versionEndIncluding": "2.3a1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command." }, { "lang": "es", "value": "El mecanismo de espejo del SurgeFTP 2.3a1 permite a atacantes con la intervenci\u00f3n del usuario, a trav\u00e9s de servidores FTP remotos provocar una denegaci\u00f3n de servicio (reinicio) a trav\u00e9s de una respuesta mal formada en el par\u00e1metro PASV." } ], "id": "CVE-2007-3768", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-07-15T21:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37909" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26061" }, { "source": "cve@mitre.org", "url": 
"http://securityreason.com/securityalert/2883" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2528" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-09-20 04:00
Modified
2025-04-03 01:03
Summary
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://netwinsite.com/surgeftp/manual/updates.htm | ||
cve@mitre.org | http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/165816 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/2442 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6168 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://netwinsite.com/surgeftp/manual/updates.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/165816 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2442 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6168 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEFE3E77-6C42-4809-820C-A6853531D933", "versionEndIncluding": "1.1h", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an \u0027ls ..\u0027 command." } ], "id": "CVE-2001-0697", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-09-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/165816" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/2442" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": 
"http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/165816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/2442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-09 21:55
Modified
2025-04-11 00:51
Summary
Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html | ||
cve@mitre.org | http://osvdb.org/95582 | ||
cve@mitre.org | http://secunia.com/advisories/54188 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/61403 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/85922 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/95582 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/54188 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/61403 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/85922 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netwin | surgeftp | * | |
netwin | surgeftp | 2.0c | |
netwin | surgeftp | 2.0d | |
netwin | surgeftp | 2.0e | |
netwin | surgeftp | 2.0f | |
netwin | surgeftp | 2.2k1 | |
netwin | surgeftp | 2.2k3 | |
netwin | surgeftp | 2.2m1 | |
netwin | surgeftp | 2.3a1 | |
netwin | surgeftp | 2.3a2 | |
netwin | surgeftp | 2.3a6 | |
netwin | surgeftp | 2.3a7 | |
netwin | surgeftp | 2.3a8 | |
netwin | surgeftp | 2.3a9 | |
netwin | surgeftp | 2.3a10 | |
netwin | surgeftp | 2.3a12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E76384B4-0180-42A5-BD06-B22FB3136E95", "versionEndIncluding": "2.3b1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0c:*:*:*:*:*:*:*", "matchCriteriaId": "C38E3BA1-DD78-4CB8-A680-B7D99CAD84B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0d:*:*:*:*:*:*:*", "matchCriteriaId": "283FCBC2-3C13-491C-A145-4177F7C37EA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0e:*:*:*:*:*:*:*", "matchCriteriaId": "2DE7C06B-1376-4095-A284-14F310D7AA5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0f:*:*:*:*:*:*:*", "matchCriteriaId": "9C2BB9D2-70AE-4684-B4E7-32610DD9DDC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.2k1:*:*:*:*:*:*:*", "matchCriteriaId": "0192C7F5-18F3-4157-BA85-8B4D7076C8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.2k3:*:*:*:*:*:*:*", "matchCriteriaId": "BB19CD1C-42AD-484E-BB72-FDE2A456E8E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.2m1:*:*:*:*:*:*:*", "matchCriteriaId": "1A86FD78-51C7-4834-9B48-255FCD9E927D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a1:*:*:*:*:*:*:*", "matchCriteriaId": "849A502A-DB29-4B16-A891-B0C478D6D560", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a2:*:*:*:*:*:*:*", "matchCriteriaId": "6ECEB4F1-48B7-495C-9FF6-ACEDD15B0D0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a6:*:*:*:*:*:*:*", "matchCriteriaId": "D73F32DF-1209-4EC7-9C67-661039454DF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a7:*:*:*:*:*:*:*", "matchCriteriaId": "D453D462-56F5-4E8C-A2B5-EADC8D518E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a8:*:*:*:*:*:*:*", "matchCriteriaId": "A250C0AB-BAB2-4719-923B-2D96B6A7F3DD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:netwin:surgeftp:2.3a9:*:*:*:*:*:*:*", "matchCriteriaId": "4F6F9844-710C-40BC-9F6F-63D108AD31D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a10:*:*:*:*:*:*:*", "matchCriteriaId": "14534BD9-A84C-4150-827B-9B586E681FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a12:*:*:*:*:*:*:*", "matchCriteriaId": "06EE205A-33CE-4847-8350-CB5B7E4274BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en NetWin SurgeFTP anterior a v23d2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena larga dentro de la solicitud de autenticaci\u00f3n." 
} ], "id": "CVE-2013-4742", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-09T21:55:07.193", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/95582" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54188" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/61403" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/95582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-09-20 04:00
Modified
2025-04-03 01:03
Summary
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://netwinsite.com/surgeftp/manual/updates.htm | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/191916 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/2891 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6712 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://netwinsite.com/surgeftp/manual/updates.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/191916 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2891 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6712 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "BE4FD50F-DDFA-40AD-BFCC-F606CEF450F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*", "matchCriteriaId": "AC94C372-7536-4692-AEA7-B58B32E2A5F1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con." } ], "id": "CVE-2001-0696", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-09-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/191916" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2891" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://netwinsite.com/surgeftp/manual/updates.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/archive/1/191916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Summary
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=111289226204780&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/14888 | Patch, Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1013664 | ||
cve@mitre.org | http://www.security.org.sg/vuln/surgeftp22m1.html | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/13054 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/20011 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=111289226204780&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14888 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013664 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.security.org.sg/vuln/surgeftp22m1.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13054 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/20011 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:2.2k3:*:*:*:*:*:*:*", "matchCriteriaId": "BB19CD1C-42AD-484E-BB72-FDE2A456E8E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.2m1:*:*:*:*:*:*:*", "matchCriteriaId": "1A86FD78-51C7-4834-9B48-255FCD9E927D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command." } ], "id": "CVE-2005-1034", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14888" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013664" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.security.org.sg/vuln/surgeftp22m1.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13054" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.security.org.sg/vuln/surgeftp22m1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-27 19:44
Modified
2025-04-09 00:30
Summary
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://aluigi.altervista.org/adv/surgeftpizza-adv.txt | ||
cve@mitre.org | http://secunia.com/advisories/29096 | Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/3704 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/488745/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/27993 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/40843 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://aluigi.altervista.org/adv/surgeftpizza-adv.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29096 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3704 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/488745/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27993 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/40843 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a2:*:*:*:*:*:*:*", "matchCriteriaId": "6ECEB4F1-48B7-495C-9FF6-ACEDD15B0D0D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails." }, { "lang": "es", "value": "La interface de administraci\u00f3n web de NetWin SurgeFTP 2.3a2 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s un entero largo en la cabecera Content-Length HTT, lo cual dispara un puntero a referencia NULL cuando la asignaci\u00f3n de memoria falla." } ], "id": "CVE-2008-1052", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-27T19:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29096" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3704" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/488745/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27993" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-20 04:00
Modified
2025-04-03 01:03
Summary
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/198293 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/3075 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6866 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/198293 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3075 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6866 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netwin:dmail:2.5d:*:*:*:*:*:*:*", "matchCriteriaId": "EF456029-C817-4FC5-AFE2-9637219E220C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "60C72EA3-5D19-44B7-AB3D-99122A470205", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.7q:*:*:*:*:*:*:*", "matchCriteriaId": "316BCDB3-3762-436F-91B2-41231A55CB96", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.7r:*:*:*:*:*:*:*", "matchCriteriaId": "AD266925-B677-4462-9BF6-0828FD5CBF41", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8e:*:*:*:*:*:*:*", "matchCriteriaId": "A5BD3CC6-5E2C-4534-925E-B81D92F18A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8f:*:*:*:*:*:*:*", "matchCriteriaId": "C25AB545-FCF5-42FB-801E-07DF0ADC4865", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8g:*:*:*:*:*:*:*", "matchCriteriaId": "EF6F3B04-6DA7-42F8-8873-7625B93523ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8h:*:*:*:*:*:*:*", "matchCriteriaId": "F44C662D-58ED-41E0-8718-259321F9F9E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:dmail:2.8i:*:*:*:*:*:*:*", "matchCriteriaId": "CEE745C7-C370-44FF-BAC4-EE93EE6AFC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "BE4FD50F-DDFA-40AD-BFCC-F606CEF450F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*", "matchCriteriaId": "AC94C372-7536-4692-AEA7-B58B32E2A5F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:*", "matchCriteriaId": "59DB045D-91F6-4AFC-8331-F2155D38D5FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could 
allow local users to decrypt passwords or use a different password that has the same hash value as the correct password." } ], "id": "CVE-2001-1354", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/198293" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3075" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/198293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }